Hackthebox.gr Virtual Lab (FREE)

Interesting, just took a look at it, so far so easy lol. The login box is a piece of cake. Perhaps you should check how it verifies the codes :wink:

1 Like

That was actually a very nice tip :smiley:

1 Like

Lol. All this obfuscation and all you had to do was call a function
:smiley:

Took me about 30 minutes to figure that out. Should have been less.

never mind my previous comment… how does one create spoiler text?

[spoiler] Text to hide [/spoiler]

It isn’t that hard ^.^
Here’s how:

When we go to register, we can see that it asks for an invite code…
Let’s see the source:

Uhmm… This one seems interesting, when we enter it we get:

Ohh obfuscated…
I’ll use jsbeautifier.org:

So, there are two functions, one to check, and one to generate!
We’ll focus on the generate one…
So it creates a request of type POST to: https://www.hackthebox.gr/api/invite/generate
With this in Postfields: dataType=json
Awesome, let’s try to send a request like that and see the result…

We got code!
let’s decode that base64 :smiley:
HQDRA-HDMXN-WRZEC-RCEYA-XURMM
And here we go, we got our registration code :slight_smile:

Hope it helped, if you got stuck in the registration of course!

3 Likes

Hi,

I am not able to generate the code. I found the function and executed it in the console. But it always gives me the error - ‘In order to generate the invite code, make a POST request to /api/invite/generate’

Can anyone help?

In the function it’s taking the url as ‘url: ‘/api/invite/how/to/generate’’. But I am getting the error message as above.


  • Use Hackbar (a Mozilla add-on), which I think you will like…

https://addons.mozilla.org/en-US/firefox/addon/hackbar/

Or, just a programming language… ( Javascript used as an example… )

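function send_post(){
	var url = "https://www.hackthebox.gr/api/invite/generate";
	// Form-encoded body: passing a plain object to send() would go out as "[object Object]"
	var postdata = "dataType=json";
	var request = new XMLHttpRequest();
	request.open("POST", url, true);
	request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
	// Register the handler before sending so no state change is missed
	request.onreadystatechange = function(){
		if( request.readyState == 4 ){
			var response = JSON.parse(request.responseText);
			var encrypted = response.data.code;
			var format = response.data.format;
			// The code is base64 when the server reports the format as "encoded"
			var decrypted = ( format == "encoded" ) ? atob(encrypted) : encrypted;
			alert(decrypted);
		}
	};
	request.send(postdata);
}
send_post();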

Run it in console, and you will get your registration code :smile:!

1 Like

After getting access to hackthebox I saw some interesting challenges. If I get success in some I’ll expose it here.

I think you should read the rules for members creating tutorials on exploiting machines in the network. It ain’t friendly :stuck_out_tongue_winking_eye:

2 Likes

Well look at that, Our sergeant is still alive!

It has been a while old friend. Where did you go?

1 Like

I’m always around watching you and watching them. A lot of personal work, busy revamping my old website and learning a lot so pretty occupied lately.

Was easy to crack the login haha but must try

IP: 10.10.10.6
Hostname: Popcorn

WalkThrough Video:

http://www.mediafire.com/file/j2dl6c6d62c7qlr/popcorn_user.rar

Compressed With Winrar

1 Like

I would strongly recommend uploading to YouTube, or Vimeo, or even to 0x0.st. So that people can stream it.

I have a bad net, 512 kb/s, so if anyone can do that I’ll edit my post. Am so sorry!

I’m uploading it on vid.me because I don’t have Youtube and Vimeo doesn’t accept custom emails, I will edit this post when it is done!

EDIT: @DamaneDz, there is the video: https://vid.me/wLa3

2 Likes
3 Likes

I’m glad to see so many people having fun with this. I know I am. I created this thread before I read the rules regarding discussing the lab. Too late now.

1 Like

Please don’t post solutions / walkthroughs.

I STRONGLY recommend everyone to read this: https://www.hackthebox.eu/en/home/rules
Especially Rule 7.

I think it’s not fair to participate in such an awesome learning experience, that is - on top of that - offered for FREE and then shit all over their rules.

EDIT:
@thomaslnx @DamaneDz @pry0cc

6 Likes